CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

OSV•added 2024/04/13 9:15 p.m.•5 views

CVE-2024-3740

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has...

9.8CVSS7.1AI score

Exploits0References5

NVD•added 2024/04/13 9:15 p.m.•15 views

CVE-2024-3740

9.8CVSS6.5AI score0.00815EPSS

Exploits1References5

Vulnrichment•added 2024/04/13 8:31 p.m.•12 views

CVE-2024-3740 cym1102 nginxWebUI reload exec deserialization

6.5CVSS6.9AI score0.00815EPSS

Exploits1References5

CVE•added 2024/04/13 8:31 p.m.•70 views

CVE-2024-3740

The CVE-2024-3740 entry affects cym1102 nginxWebUI up to version 3.9.9. The issue resides in the exec function of /adminPage/conf/reload, where deserialization is triggered by manipulating the nginxExe argument, enabling potential remote code execution. The vulnerability details are supported by ...

9.8CVSS6.8AI score0.00815EPSS

Exploits1References5Affected Software1

Cvelist•added 2024/04/13 8:31 p.m.•18 views

CVE-2024-3740 cym1102 nginxWebUI reload exec deserialization

6.5CVSS6.7AI score0.00815EPSS

Exploits1References5

OSV•added 2024/04/13 7:15 p.m.•4 views

CVE-2024-3739

A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed...

9.8CVSS7.9AI score

Exploits0References4

CVE•added 2024/04/13 6:31 p.m.•65 views

CVE-2024-3739

The CVE-2024-3739 entry concerns cym1102 nginxWebUI up to 3.9.9. Affects unknown code in /adminPage/main/upload; manipulating the file parameter triggers OS command injection. Exploitation is remote and the vulnerability has been publicly disclosed. Multiple sources (NVD/NVD-derived, Red Hat, CNV...

9.8CVSS7.6AI score0.02891EPSS

Exploits1References4Affected Software1

Cvelist•added 2024/04/13 6:31 p.m.•21 views

CVE-2024-3739 cym1102 nginxWebUI upload os command injection

6.5CVSS7.3AI score0.02891EPSS

Exploits1References4

Vulnrichment•added 2024/04/13 6:31 p.m.•14 views

CVE-2024-3739 cym1102 nginxWebUI upload os command injection

6.5CVSS7.7AI score0.02891EPSS

Exploits1References4

OSV•added 2024/04/13 6:15 p.m.•4 views

CVE-2024-3738

A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. T...

9.8CVSS7.2AI score

Exploits0References4

NVD•added 2024/04/13 6:15 p.m.•12 views

CVE-2024-3738

9.8CVSS7.3AI score0.00517EPSS

Exploits1References4

Vulnrichment•added 2024/04/13 5:31 p.m.•9 views

CVE-2024-3738 cym1102 nginxWebUI saveCmd handlePath certificate validation

7.5CVSS7.2AI score0.00517EPSS

Exploits1References4

Cvelist•added 2024/04/13 5:31 p.m.•23 views

CVE-2024-3738 cym1102 nginxWebUI saveCmd handlePath certificate validation

7.5CVSS7.5AI score0.00517EPSS

Exploits1References4

NVD•added 2024/04/13 5:15 p.m.•8 views

CVE-2024-3737

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit ha...

9.8CVSS6.4AI score0.009EPSS

Exploits1References4

CVE•added 2024/04/13 4:31 p.m.•53 views

CVE-2024-3737

CVE-2024-3737 affects cym1102 nginxWebUI up to 3.9.9. The vulnerability is a path traversal in the function findCountByQuery in /adminPage/www/addOver, triggered by manipulation of the dir argument. The issue can be exploited remotely and had publicly disclosed exploits. Affected versions: up to ...

9.8CVSS6.8AI score0.009EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2024/04/13 4:31 p.m.•13 views

CVE-2024-3737 cym1102 nginxWebUI addOver findCountByQuery path traversal

6.5CVSS6.9AI score0.009EPSS

Exploits1References4

NVD•added 2024/04/13 2:15 p.m.•9 views

CVE-2024-3736

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

7.5CVSS4.8AI score0.00918EPSS

Exploits1References4

CVE•added 2024/04/13 2:0 p.m.•54 views

CVE-2024-3736

CVE-2024-3736 affects cym1102 nginxWebUI up to version 3.9.9. The vulnerability resides in the upload function of /adminPage/main/upload, enabling unrestricted file upload. This can be exploited remotely and the exploit has been disclosed publicly. Impact is high on availability (per CVSS) with n...

7.5CVSS6.9AI score0.00918EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2024/04/13 2:0 p.m.•16 views

CVE-2024-3736 cym1102 nginxWebUI upload unrestricted upload

4.3CVSS7AI score0.00918EPSS

Exploits1References4

CNNVD•added 2024/04/13 12:0 a.m.•7 views

nginxWebUI 信任管理问题漏洞

nginxWebUI is an nginx web configuration tool. A trust management issue vulnerability exists in nginxWebUI, which stems from improper certificate validation of the nginxPath parameter of the handlePath method of the /adminPage/conf/saveCmd file. An attacker could exploit this vulnerability to cau...

9.8CVSS6.7AI score0.00517EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by